CN110086872B - Data processing method and system of SCADA system - Google Patents

Publication number: CN110086872B
Authority: CN (China)
Prior art keywords: data, operation instruction, real, request, scada system
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910354103.0A
Other languages: Chinese (zh)
Other versions: CN110086872A (en)
Inventors: 杭小林, 杨锦成, 王振华, 钱宇飞
Current Assignee: Xinao Shuneng Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xinao Shuneng Technology Co Ltd
Application filed by: Xinao Shuneng Technology Co Ltd
Priority to: CN201910354103.0A
Publications: CN110086872A (application), CN110086872B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a data processing method and a data processing system for a SCADA system, comprising the following steps: an access interface service providing step; an identity verification step; an operation instruction requesting step; an operation instruction request auditing step; a data access step; and an operation data acquisition step, in which the data client acquires the operation data corresponding to the operation instruction request. The method and system give multiple clients the strong real-time data service capability of an industrial real-time database and issue SCADA real-time operation instruction data concurrently, replacing the original mode of directly accessing the SCADA real-time database and greatly reducing the logic-check load that instruction issuing places on the SCADA system. In addition, the name information of the original operation instruction is masked with a common encryption algorithm to meet the data security requirements of different applications accessing the SCADA system. Client identity information is registered and verified, and an access mechanism based on operation authority levels is established.

Description

Data processing method and system of SCADA system
Technical Field
The invention relates to the technical field of energy automation, in particular to a data processing method and a data processing system of an SCADA (supervisory control and data acquisition) system.
Background
A SCADA (Supervisory Control And Data Acquisition) system is a data acquisition and monitoring control system. The SCADA system is a computer-based DCS (Distributed Control System) and electric power automation monitoring system.
An industrial real-time database (RTDB, Real Time DataBase) is a branch of database system development, produced by combining database technology with real-time processing technology. It can directly collect and acquire, in real time, the various data generated while an enterprise operates, and converts that data into public information useful to various services.
In the field of industrial automation control, SCADA equipment is commonly used to acquire data and monitor field operation equipment: various instruments and communication equipment are installed in the field, and the SCADA system acquires data through a communication protocol. For a SCADA system with a large-scale data acquisition task, the acquisition range is usually divided by area and an IOSERVER is deployed to carry out the acquisition task. The IOSERVER acquisition process needs to establish communication with the SCADA real-time library and feed the acquired change data back to it promptly.
SCADA system operating environment: the SCADA server runs the SCADA real-time library software and a configuration database, and the acquisition node server runs the IOSERVER data acquisition software. The IOSERVER software collects real-time data from the field communication equipment as required by the configuration database and feeds it back to the SCADA real-time library. The SCADA real-time library receives real-time operation instruction data written by clients and issues it to the field communication equipment, which executes the related instruction actions or operation state changes after receiving the issued data.
However, applications differ, so the SCADA operation instruction data to be issued differs, and the data access mode adopted also differs according to the characteristics of each application. For example, applications in a LINUX environment do not support OPC, and DBSERVER requires SCADA vendors to develop access authorization and interfaces.
The SCADA system generally limits the number of clients accessing the real-time library and their access frequency. If a plurality of application-layer clients access the SCADA real-time library, the SCADA system has too many real-time tasks and its operating efficiency is seriously affected. The control logic of the SCADA system also needs to perform logic verification on the operation control instructions of each client, and if the tasks are excessive, the overall data processing speed of the SCADA system is affected.
In summary, the existing SCADA system has the following technical problems:
(1) the implementation and maintenance workload of multi-client data issuing is large;
(2) communication deployment and implementation costs increase;
(3) the data security and confidentiality are poor;
(4) the logic check task amount of the operation instruction is large, and the overall data processing speed is low.
Disclosure of Invention
The invention provides a data processing method and a data processing system for a SCADA system that give multiple clients the strong real-time data service capability of an industrial real-time database and issue SCADA real-time operation instruction data concurrently, replacing the original mode of directly accessing the SCADA real-time database and greatly reducing the logic-check load that instruction issuing places on the SCADA system.
In a first aspect, the present invention provides a data processing method for an SCADA system, including:
an access interface service providing step: the SCADA system collects operation data of industrial field equipment and provides a data access interface for the data gateway so as to access a real-time library in the SCADA system;
identity verification step: the data client sends identity registration information and verification information to a data gateway so that the data gateway performs identity verification, and the data gateway records the identity information, the service type and the industrial role information of the data client;
an operation instruction requesting step: after the identity verification is approved, the data client sends an operation instruction request to the SCADA system through the data gateway;
an operation instruction request auditing step: the data gateway checks the operation instruction request and sends the operation instruction request to the SCADA system;
a data access step: after the operation instruction request is approved, the data gateway sends an operation instruction request to the SCADA system so as to access the operation data in the real-time library;
an operation data acquisition step: the data client acquires the operation data corresponding to the operation instruction request.
Preferably,
the access interface service providing step further includes:
the I/O-server of the SCADA system collects the operation data of the industrial field equipment through a tag database;
writing the operation data of the industrial field equipment into a real-time library of an SCADA system;
the tag database comprises a source measuring point ID, a source measuring point name, a source data description and a data access mode, and the data access mode comprises WEBSEVICE, DB and OPC.
Preferably,
the operation instruction requesting step further includes:
the data client generates a first operation instruction request list, wherein the first operation instruction request list comprises at least one operation instruction request, and the operation instruction request comprises a first data request sequence number and a first instruction description;
the data client sends the first operation instruction request list to the data gateway;
the data gateway acquires a source data description in a tag database to establish association with a first instruction description in the first operation instruction list to generate a second operation instruction list, wherein the second operation instruction list comprises identity information of a data client, a second data request sequence number, a source instruction name and an operation permission level of the data client;
the data gateway determines whether the corresponding data client has the operation instruction request authority or not according to the identity information of the data client and the operation authority level of the data client;
and the data gateway sends the operation instruction request of the data client with the operation instruction request authority to the SCADA system.
Preferably,
the data gateway comprises a data access table and an operation instruction list,
the data gateway sends the operation instruction request of the data client with the operation instruction request authority to the SCADA system, and the method comprises the following steps:
the data gateway generates a target instruction name from the source measuring point name by adopting an encryption algorithm;
the second operation instruction list is written into the data access table and the operation instruction list respectively, based on the target instruction name, wherein the data access table comprises a second data request serial number, a real-time library queue number and a target instruction name, and the operation instruction list comprises a source measuring point name, a real-time library queue number and a target instruction name.
Preferably,
in the operation instruction requesting step, the sending an operation instruction request to the SCADA system through the data gateway includes:
the data client acquires a second data request serial number from the data access table of the data gateway;
the data client acquires the real-time library queue number and the target instruction name in the data access table through the second data request serial number;
the data client accesses a real-time instruction resource pool through a real-time library queue number and a target instruction name in the data access table so as to write an operation instruction request corresponding to the real-time queue number into an application queue, wherein the application queue comprises the real-time library queue number and the target instruction name;
the data gateway acquires corresponding operation instruction requests from the application queue according to the first-in first-out sequence;
and the data gateway performs logic audit on the operation instruction request through an instruction logic audit tool.
Preferably,
the logic audit of the operation instruction request by the data gateway through the instruction logic auditing tool includes:
the data gateway acquires the operation data and the state data of the industrial field equipment from the SCADA system through the instruction logic auditing tool so as to judge whether the operation instruction request conforms to the operation logic.
Preferably,
the data accessing step further comprises:
and the data gateway sends the operation instruction request to the SCADA system through a data issuing module.
Preferably,
the data accessing step further comprises:
the data gateway accesses the real-time library through a data service module of the SCADA system to acquire operation data corresponding to the operation instruction request in the real-time library;
and writing the operation data into a feedback queue of the real-time instruction resource pool, which corresponds to the application queue.
Preferably, the acquiring the operation data comprises:
and the data client acquires the operating data corresponding to the operating instruction request from the feedback queue corresponding to the application queue according to the first-in first-out sequence.
In a second aspect, the present invention provides a data processing system of a SCADA system, the system comprising:
at least one data client and a data gateway;
and the data gateway performs identity verification and operation instruction request verification on the data client, sends the operation instruction request sent by the data client to the SCADA system, accesses a real-time library of the SCADA system, and acquires operation data corresponding to the operation instruction request in the real-time library.
The data processing method and system provided by the invention give multiple clients the strong real-time data service capability of an industrial real-time database and issue SCADA real-time operation instruction data concurrently, replacing the original mode of directly accessing the SCADA real-time database and greatly reducing the logic-check load that instruction issuing places on the SCADA system. In addition, the name information of the original operation instruction is masked with a common encryption algorithm to meet the data security requirements of different applications accessing the SCADA system.
Identity information is registered and verified through the client and an access mechanism based on operation authority levels is established, which effectively prevents clients with different operation authorities from issuing the same operation instruction at the same time.
Drawings
To illustrate the embodiments of this specification or the prior-art solutions more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some of the embodiments described in this specification, and a person skilled in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a schematic diagram of a data processing method of a SCADA system in the prior art;
Fig. 2 is a schematic system diagram of a data processing method of the SCADA system according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a data processing method of the SCADA system according to an embodiment of the present invention;
Fig. 4 is a schematic operational flow diagram of sending an operation instruction request and acquiring operation data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The system principle of a data processing method of a SCADA system in the prior art is described below with reference to fig. 1.
Fig. 1 is a schematic system diagram of a data processing method of a SCADA system in the prior art.
As shown in Fig. 1, a SCADA operation instruction real-time issuing system, or a data client accessing operation data in the real-time library of a SCADA system, is implemented as follows:
First, the IOSERVER acquisition software is deployed, and the communication objects and data items to be acquired by the IOSERVER are configured; the IOSERVER establishes a data path with the SCADA real-time library and feeds real-time data back to it; the real-time library of the SCADA system receives the operation data (real-time data) of the industrial field equipment, and the IOSERVER issues the real-time data to the communication equipment.
Then, the upper-layer application (e.g., a data client, which may include but is not limited to the WEB client, the SDK client, and the OPC client shown in the figure) generally needs to issue an operation instruction request to the SCADA system. In this step, because the upper-layer applications differ, the data items of the operation instruction requests to be issued to the SCADA system differ, and the data access modes adopted also differ according to the characteristics of the applications. For example, an application under LINUX normally does not support OPC, and DBSERVER needs the SCADA manufacturer to develop access authorization and interfaces. In addition, the SCADA system generally limits the number and access frequency of upper-layer application clients accessing the real-time library, and access to the SCADA real-time library by a plurality of application-layer clients may result in excessive real-time tasks, which seriously affects the operating efficiency of the SCADA system. The SCADA control logic also needs to perform logic verification on the operation control instructions of each client, and too many tasks affect the overall data processing speed of the SCADA system.
And finally, the SCADA system sends the running data corresponding to the operation instruction request to the corresponding upper-layer application client through a specific interface and an access mode.
In summary, the system flow shown in fig. 1 has the following problems: (1) the implementation and maintenance workload of multi-client data issuing is large; (2) communication deployment and implementation costs increase; (3) the data security and confidentiality are poor; (4) the logic check task amount of the operation instruction is large.
In order to solve the above problems, the present invention provides a data processing method of an SCADA system. The following detailed description is made with reference to the accompanying drawings.
Fig. 2 is a schematic system diagram of a data processing method of the SCADA system according to an embodiment of the present invention.
As shown in Fig. 2, the system includes, but is not limited to, a data client A and a data client B, and a data gateway (comprising a data delivery module and an industrial real-time database). The data delivery module may have various interfaces, such as a web service interface, an SDK call interface, an OPC protocol interface, and the like, and can therefore support various types of upper-layer applications. The data clients uniformly write the operation instruction requests to be issued into the shared industrial real-time database. After a data client with a higher operation authority has applied for a certain operation instruction, a data client with a lower operation authority fails to apply for and execute that operation instruction.
Based on the system structure shown in fig. 2, the invention provides a data processing method of a SCADA system.
Fig. 3 is a schematic flowchart of a data processing method of the SCADA system according to an embodiment of the present invention.
As shown in fig. 3, a data processing method of the SCADA system includes the following steps:
an access interface service providing step: the SCADA system collects operation data of the industrial field equipment and provides a data access interface for the data gateway so as to access the real-time library in the SCADA system.
Identity verification step: the data client sends identity registration information and verification information to the data gateway so that the data gateway performs identity verification, and the data gateway records the identity information, the service type and the industrial role information of the data client.
An operation instruction requesting step: and after the identity verification is approved, the data client sends an operation instruction request to the SCADA system through the data gateway.
An operation instruction request auditing step: and the data gateway audits the operation instruction request and sends the operation instruction request to the SCADA system.
A data access step: and after the operation instruction request is approved, the data gateway sends an operation instruction request to the SCADA system so as to access the operation data in the real-time library.
Acquiring operation data: and the data client acquires the running data corresponding to the operation instruction request.
Fig. 4 is a schematic operational flow diagram of sending an operation instruction request and acquiring operation data according to an embodiment of the present invention.
As shown in Fig. 4, first, the access interface service providing step may be implemented as:
(1) the I/O-server of the real-time library A1 of the SCADA system collects field data (operation data) of the industrial equipment through the source TAG table L1 (tag database), and writes the operation data into the real-time library A1 of the SCADA system;
the source TAG table L1 (tag database) includes: a source measuring point ID, a source measuring point name TAG_S, a source data description TAG_DESC and a data access mode; the data access modes include: WEBSEVICE, DB, OPC.
(2) a data service module of the SCADA system A provides a real-time data acquisition interface service for the data gateway B.
Second, the identity verification step may be implemented as:
(1) the identity registration and verification V1 of the data client C verifies the client identity to the data access control S1, performing the C_1 procedure;
(2) the data access control S1 records the identity information CV provided by the data client C, including the business type and role definition.
Third, the operation instruction requesting step may be implemented as: the data client generates a first operation instruction request list, wherein the first operation instruction request list comprises at least one operation instruction request, and the operation instruction request comprises a first data request sequence number and a first instruction description;
the data client sends the first operation instruction request list to the data gateway;
the data gateway acquires a source data description in a tag database to establish association with a first instruction description in the first operation instruction list to generate a second operation instruction list, wherein the second operation instruction list comprises identity information of a data client, a second data request sequence number, a source instruction name and an operation permission level of the data client;
the data gateway determines whether the corresponding data client has the operation instruction request authority or not according to the identity information of the data client and the operation authority level of the data client;
and the data gateway sends the operation instruction request of the data client with the operation instruction request authority to the SCADA system.
The description is made with reference to fig. 4:
(1) the data request Q1 generates the SCADA operation instruction request list X1 (first operation instruction request list) to be accessed and executes the C_2 procedure, which sends the operation instruction request list X1 (first operation instruction request list) to the data access control S1; the operation instruction request list X1 includes a data request sequence number QID (first data request sequence number) and an instruction description TAG_DESC (first instruction description);
(2) the data access control S1 of the data gateway B matches the instruction descriptions of the operation instruction request list X1 (first operation instruction list) with the operation instruction correspondence table X1 (first operation instruction list), and generates an operation instruction correspondence table X2 (second operation instruction list).
Exemplarily, the matching process associates the data description TAG_DESC of the source TAG table L1 with the data description TAG_DESC of the operation instruction request list X1, and generates the operation instruction correspondence table X2 (second operation instruction list);
the operation instruction correspondence table X1 includes a source instruction name TAG_S and an instruction description TAG_DESC; the instruction description of each data client is matched and generated by the data access control S1 of the data gateway B through manual review, using a special instruction authorization tool T1;
the operation instruction correspondence table X2 (second operation instruction list) includes a data request sequence number QID (second data request sequence number) and a source instruction name TAG_S.
(3) The data access control of the data gateway B automatically checks the operation instruction authority of the operation instruction correspondence table X2 (second data request serial number) entry by entry; for an instruction without operation authority, a request failure is fed back.
In an exemplary embodiment, the rule applied is that after a client with a higher operation authority level has applied for a certain operation instruction, a client with a lower operation authority level fails to apply for and execute that operation instruction.
The operation instruction access control table X2 is generated using the dedicated access authority T2.
Illustratively, the instruction access control table X2 includes a data client identity CV, a source instruction name TAG_S and an operation authority level.
(4) The source measuring point name TAG_S is processed with a conventional cryptographic algorithm to generate a target instruction name TAG_O; TAG_O masks the name content contained in the original instruction name TAG_S.
(5) The C_3 process and the C_4 process are executed synchronously.
The C_3 process writes the data items that passed the authority check to the data list B2 (operation instruction list), and the C_4 process writes the data items that passed the authority check to the data access table B1.
Illustratively, the data access table B1 includes: a data request serial number QID, a real-time library queue number DB_N and a target instruction name TAG_O;
illustratively, the operation instruction list B2 includes: a source instruction name TAG_S, a real-time library queue number DB_N and a target instruction name TAG_O.
Fourthly, the operation instruction requests an auditing step.
Illustratively, the data gateway performs logic audit on the operation instruction request through an instruction logic audit tool. Further, the data gateway acquires the operation data and the state data of the industrial field device from the SCADA system through an instruction logic auditing tool so as to judge whether the operation instruction request conforms to the operation logic.
Fifthly, in a data access step, for example, the data gateway sends the operation instruction request to the SCADA system through a data issuing module. Further, the data gateway accesses the real-time library through a data service module of the SCADA system to acquire operation data corresponding to the operation instruction request in the real-time library; and writing the operation data into a feedback queue of the real-time instruction resource pool, which corresponds to the application queue.
Exemplarily:
(1) The operation instruction issuing Q2 obtains, through QID, the real-time library instruction queue number DB_N and the target instruction name TAG_O from the corresponding entry of the required data access table B1, and executes the C_5 process.
(2) The operation instruction issuing Q2 accesses the real-time data resource pool D through DB_N and TAG_O, writes the operation instruction into the application queue Q_N by accessing the real-time database whose number corresponds to DB_N, and executes the C_6 process. The data corresponding to TAG_O is the source instruction TAG_S data to be issued, and the issued content also includes the operation data of the instruction.
(3) The instruction auditing and issuing task S2 acquires operation instruction data from the real-time library request queue Q_N and executes the B_1 process, wherein the TAG_S in the operation instruction data corresponds to the TAG_O that shields the original measuring point name information; the queue data is obtained according to the first-in first-out rule.
(4) The instruction auditing and issuing task S2 performs the D correspondence conversion of the operation instruction TAG_O data into TAG_S, executes the B_2 process, and generates the operation instruction data to be audited and issued.
(5) The instruction logic auditing tool T3 performs a logic audit on the operation instruction data to be audited and issued, and returns an operation logic result R1. Working principle of the instruction logic auditing tool T3: it acquires real-time information on each operating parameter and state from the SCADA system and judges whether the instruction operation conforms to the operation logic; this can replace the operation instruction logic audit inside the SCADA system.
(6) According to the logic audit result R1, the operation instruction issuing process is executed: 1) if the logic audit result R1 is a pass, the instruction auditing and issuing task S2 of the data gateway issues the operation instruction that passed the audit to the data item of the SCADA system and executes the B_3 process; 2) if the logic audit result R1 is not a pass, no operation instruction is issued and only the audit result is recorded. The execution result is output to the feedback queue F_N corresponding to the real-time library number DB_N, completing the task issuing process of the operation instruction; the data access mode corresponding to the source measuring point name TAG_S is acquired through the source TAG table L1.
Sixthly, in the step of acquiring operation data, the data client acquires the operation data corresponding to the operation instruction request from the feedback queue corresponding to the application queue, in first-in first-out order.
Illustratively, the operation instruction issuing Q2 obtains the issuing status of the operation instruction by accessing the feedback queue F_N corresponding to the real-time library number DB_N. The feedback queue data is acquired according to the first-in first-out rule.
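The flow of steps (1) to (6) and the feedback read of the sixth step, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified "common encryption algorithm", and the class and method names, the pump and valve tags, the key and the audit rule are all constructed for illustration.

```python
import hashlib
import hmac
from collections import deque

MASK_KEY = b"constructed-demo-key"  # assumption: secret held only by the gateway


def mask_tag(tag_s):
    """TAG_S -> TAG_O. The patent says only "a common encryption algorithm";
    HMAC-SHA256 is swapped in here as a keyed, name-hiding pseudonym."""
    return hmac.new(MASK_KEY, tag_s.encode(), hashlib.sha256).hexdigest()[:16]


class Gateway:
    def __init__(self, scada_state, logic_rules):
        self.scada_state = scada_state  # live values read by audit tool T3
        self.logic_rules = logic_rules  # TAG_S -> predicate(state, value)
        self.access_table = {}          # B1: QID -> (DB_N, TAG_O)
        self.instruction_list = {}      # TAG_O -> (TAG_S, DB_N)
        self.request_q = {}             # DB_N -> application queue Q_N
        self.feedback_q = {}            # DB_N -> feedback queue F_N
        self.issued = []                # instructions that reached SCADA
        self.audit_log = []             # every audit result, pass or fail

    def register(self, qid, db_n, tag_s):
        tag_o = mask_tag(tag_s)
        self.access_table[qid] = (db_n, tag_o)
        self.instruction_list[tag_o] = (tag_s, db_n)
        self.request_q.setdefault(db_n, deque())
        self.feedback_q.setdefault(db_n, deque())
        return tag_o

    def client_submit(self, qid, value):
        """Steps (1)-(2): look up B1 by QID, enqueue under the masked name."""
        db_n, tag_o = self.access_table[qid]
        self.request_q[db_n].append({"qid": qid, "tag_o": tag_o, "value": value})

    def process_one(self, db_n):
        """Steps (3)-(6): FIFO dequeue, unmask, logic audit, issue or record."""
        req = self.request_q[db_n].popleft()
        entry = self.instruction_list.get(req["tag_o"])
        ok, reason = False, "unknown target name for this queue"
        if entry is not None and entry[1] == db_n:
            tag_s = entry[0]
            rule = self.logic_rules.get(tag_s)
            # Fail closed: an instruction with no audit rule is never issued.
            ok = bool(rule and rule(self.scada_state, req["value"]))
            reason = "pass" if ok else "logic audit failed"
            if ok:
                self.issued.append((tag_s, req["value"]))
        result = {"qid": req["qid"], "issued": ok, "reason": reason}
        self.audit_log.append(result)
        self.feedback_q[db_n].append(result)
        return result

    def client_feedback(self, qid):
        """Sixth step: read the feedback queue F_N in FIFO order."""
        db_n, _ = self.access_table[qid]
        return self.feedback_q[db_n].popleft()


def run_demo():
    # Constructed plant state and rule: pump may start only with valve V1 open.
    state = {"VALVE_V1.open": False}
    rules = {"PUMP_P1.start":
             lambda s, v: v == 0 or (v == 1 and s["VALVE_V1.open"])}
    gw = Gateway(state, rules)
    tag_o = gw.register(qid=1, db_n=3, tag_s="PUMP_P1.start")
    gw.client_submit(1, 1)          # start requested while valve is closed
    gw.process_one(3)
    state["VALVE_V1.open"] = True
    gw.client_submit(1, 1)          # same request after the valve opens
    gw.process_one(3)
    return gw, tag_o, [gw.client_feedback(1), gw.client_feedback(1)]


if __name__ == "__main__":
    gw, tag_o, feedback = run_demo()
    print(tag_o, feedback, gw.issued)
```

The client only ever handles QID and TAG_O; the source name is resolved inside the gateway from its own operation instruction list, and a rejected request leaves a record in the audit log and feedback queue without reaching the SCADA system.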
The present invention also provides a data processing system of a SCADA system, the system comprising: at least one data client and a data gateway; and the data gateway performs identity verification and operation instruction request verification on the data client, sends the operation instruction request sent by the data client to the SCADA system, accesses a real-time library of the SCADA system, and acquires operation data corresponding to the operation instruction request in the real-time library.
The invention provides a data processing method and a data processing system of a SCADA system. They give multiple clients the strong real-time data service capability of an industrial real-time database and issue SCADA real-time operation instruction data concurrently and in real time, replacing the original mode of directly accessing the SCADA real-time database and greatly reducing the logic-check load that instruction issuing places on the SCADA system. In addition, the name information of the original operation instruction is shielded by a common encryption algorithm, which meets the data security requirement when different applications access the SCADA system.
Identity information is registered and verified through the client and an access mechanism based on operation authority levels is established, which effectively prevents clients with different operation authorities from issuing the same operation instruction at the same time.
In all embodiments of the present invention, at the hardware level, the present invention may further include a processor, and optionally an internal bus, a network interface, and a memory. The memory may include internal memory, such as Random-Access Memory (RAM), and may further include non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc.
The memory is used for storing programs. In particular, a program may include program code comprising computer operating instructions. The memory may include both internal memory and non-volatile storage, and provides instructions and data to the processor.
In a possible implementation manner, the processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program, and the corresponding computer program can also be acquired from other devices. And the processor executes the program stored in the memory so as to realize the data processing method of the SCADA system provided by any embodiment of the invention through the executed program.
The embodiments described above may be applied to or implemented by a processor of one or more devices, terminals. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
Embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by an electronic device comprising a plurality of application programs, are capable of causing the electronic device to perform the data processing method of the SCADA system provided in any embodiment of the present invention, and in particular to perform the method as shown in fig. 3 and/or fig. 4.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units or modules by function, respectively. Of course, the functionality of the various elements or modules may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (6)

1. A data processing method of a SCADA system is characterized by comprising the following steps:
an access interface service providing step: the SCADA system collects operation data of industrial field equipment and provides a data access interface for the data gateway so as to access the data access interface provided by a real-time library in the SCADA system;
identity verification step: the data client sends identity registration information and verification information to a data gateway so that the data gateway performs identity verification, and the data gateway records the identity information, the service type and the industrial role information of the data client;
an operation instruction requesting step: after the identity verification is approved, the data client sends an operation instruction request to the SCADA system through the data gateway;
an operation instruction request auditing step: the data gateway checks the operation instruction request and sends the operation instruction request to the SCADA system;
a data access step: after the operation instruction request is approved, the data gateway sends an operation instruction request to the SCADA system so as to access the operation data in the real-time library;
acquiring operation data: the data client acquires the running data corresponding to the operation instruction request;
wherein the access interface service providing step further comprises:
the I/O-server of the SCADA system collects the operation data of the industrial field equipment through a tag database;
writing the operation data of the industrial field equipment into a real-time library of an SCADA system;
the label database comprises a source measuring point ID, a source measuring point name, a source data description and a data access mode, wherein the data access mode comprises WEBSEVICE, DB and OPC;
the operation instruction requesting step further includes:
the data client generates a first operation instruction request list, wherein the first operation instruction request list comprises at least one operation instruction request, and the operation instruction request comprises a first data request sequence number and a first instruction description;
the data client sends the first operation instruction request list to the data gateway;
the data gateway acquires a source data description in a tag database to establish association with a first instruction description in the first operation instruction list to generate a second operation instruction list, wherein the second operation instruction list comprises identity information of a data client, a second data request sequence number, a source instruction name and an operation permission level of the data client;
the data gateway determines whether the corresponding data client has the operation instruction request authority or not according to the identity information of the data client and the operation authority level of the data client;
the data gateway sends an operation instruction request of a data client with an operation instruction request authority to the SCADA system;
wherein the data gateway comprises a data access table and an operation instruction list,
further, the sending, by the data gateway, the operation instruction request of the data client having the operation instruction request authority to the SCADA system includes:
the data gateway generates a target instruction name from the source measuring point name by adopting an encryption algorithm, wherein the target instruction name shields the name content contained in the source measuring point name;
and respectively writing the second operation instruction list into a data access list and an operation instruction list based on the target instruction name, wherein the data access list comprises a second data request serial number, a real-time library queue number and a target instruction name, and the operation instruction list comprises a source measuring point name, a real-time library queue number and a target instruction name.
2. The method according to claim 1, wherein in the operation instruction request step, the sending an operation instruction request to the SCADA system through the data gateway comprises:
the data client acquires a second data request serial number from the data access table of the data gateway;
the data client acquires the real-time library queue number and the target instruction name in the data access table through the second data request serial number;
the data client accesses a real-time instruction resource pool through a real-time library queue number and a target instruction name in the data access table so as to write an operation instruction request corresponding to the real-time library queue number into an application queue, wherein the application queue comprises the real-time library queue number and the target instruction name;
the data gateway acquires corresponding operation instruction requests from the application queue according to the first-in first-out sequence;
and the data gateway performs logic audit on the operation instruction request through an instruction logic audit tool.
3. The method of claim 2, wherein the data gateway performing a logical audit on the operation instruction request through an instruction logical audit tool comprises:
and the data gateway acquires the operation data and the state data of the industrial field equipment from the SCADA system through an instruction logic auditing tool so as to judge whether the operation instruction request conforms to the operation logic.
4. The method of claim 2, wherein the data accessing step further comprises:
and the data gateway sends the operation instruction request to the SCADA system through a data issuing module.
5. The method of claim 2, wherein the data accessing step further comprises:
the data gateway accesses the real-time library through a data service module of the SCADA system to acquire operation data corresponding to the operation instruction request in the real-time library;
and writing the operation data into a feedback queue of the real-time instruction resource pool, which corresponds to the application queue.
6. The method of claim 5, wherein the obtaining operational data comprises:
and the data client acquires the operating data corresponding to the operating instruction request from the feedback queue corresponding to the application queue according to the first-in first-out sequence.
CN201910354103.0A 2019-04-29 2019-04-29 Data processing method and system of SCADA system Active CN110086872B (en)


Publications (2)

Publication Number Publication Date
CN110086872A CN110086872A (en) 2019-08-02
CN110086872B true CN110086872B (en) 2022-03-01

Family

ID=67417682




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant